github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
90,326 Commits 1 Branch 31 Tags 1,019 MiB
59a28111be
Commit Graph

8 Commits

Author SHA1 Message Date
Ed Bartosh
d91861e883 kubeadm: add front-proxy CA certificate to selfhosting controller-manager 
Selfhosting pivoting fails when using --store-certs-in-secrets
as controller-manager fails to start because of missing front-proxy CA
certificate:
    unable to load client CA file: unable to load client CA file: open
    /etc/kubernetes/pki/front-proxy-ca.crt: no such file or directory

Added required certificate to fix this.

This should fix kubernetes/kubeadm#1281
 2019-01-09 17:01:18 +02:00
Ed Bartosh
7b058c4357 kubeadm: add required etcd certs to selfhosting api-server 
Selfhosting pivoting fails when using --store-certs-in-secrets
as api-server fails to start because of missing etcd/ca and
apiserver-etcd-client certificates:
   F1227 16:01:52.237352 1 storage_decorator.go:57] Unable to create storage backend:
   config (&{ /registry [https://127.0.0.1:2379]
              /etc/kubernetes/pki/apiserver-etcd-client.key
              /etc/kubernetes/pki/apiserver-etcd-client.crt
              /etc/kubernetes/pki/etcd/ca.crt true 0xc000884120 <nil> 5m0s 1m0s}),
   err (open /etc/kubernetes/pki/apiserver-etcd-client.crt: no such file or directory)

Added required certificates to fix this.

Secret name for etc/ca certifcate has been converted to conform RFC-1123 subdomain
naming conventions to prevent this TLS secret creation failure:
    unable to create secret: Secret "etcd/ca" is invalid: metadata.name:
    Invalid value: "etcd/ca": a DNS-1123 subdomain must consist of lower
    case alphanumeric characters, '-' or '.', and must start and end with an
    alphanumeric character (e.g. 'example.com', regex used for validation is
    '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')

Related issue: kubernetes/kubeadm#1281
 2019-01-02 13:40:04 +02:00
Lucas Käldström
2c71814344
kubeadm: Fully implement 'kubeadm init --dry-run' 2017-08-25 20:31:14 +03:00
Lucas Käldström
d1acdf1627
kubeadm: Make the self-hosting with certificates in Secrets mode work again 2017-08-19 00:45:16 +03:00
Jamie Hannaford
abedc49b71 Feature-gate self-hosted secrets 2017-08-16 20:01:01 +02:00
Lucas Käldström
0734b63dc0
kubeadm: Replace *clientset.Clientset with clientset.Interface 2017-08-04 21:14:50 +03:00
Lucas Käldström
66328996f2
kubeadm: Remove the old KubernetesDir envparam 2017-07-17 14:40:53 +03:00
Andrew Rynhard
38c6e83033 Use Secrets for files that self-hosted pods depend on 2017-07-06 20:36:18 -07:00